vSRX

  • 1.  vSRX new architecture - 3.0

    Posted 06-06-2019 17:02

    I've been using vSRXs for some time and have always stuck with the recommended version, which is currently 15.1X49-D180 on the Juniper website. I've known for a while there are quite a few newer major releases available - 17.x, 18.x, even 19.x. I've also just learned that there is an entirely new architecture, SRX 3.0, cutting out the QEMU/KVM abstraction that has historically caused us a bit of nested virtualization drama; https://www.juniper.net/documentation/en_US/vsrx/information-products/topic-collections/release-notes/19.1/topic-98044.html#jd0e101

    I've spun up a vSRX 3.0 VM and it's boot time is notably quicker. I've also observed that the VM NIC MAC addresses are actually visible to the guest rather than abstracted now, which is nice.

    Can anyone tell me why 15.1X49 is still the recommended version? Does anyone have experience with 3.0 or 19.1, and would recommend for or against using them?



  • 2.  RE: vSRX new architecture - 3.0

     
    Posted 06-07-2019 03:48
    Hi, While there is a feature parity with respect to security features some of the platform specific features are not yet available in vSRX3.0. I would say this could be the reason it is not yet recommended. This KB is useful to understand: https://kb.juniper.net/InfoCenter/index?page=content&id=KB33572 We have a few customers where vSRX3.0 has been tested extensively without any major issues reported. Regards, Vikas


  • 3.  RE: vSRX new architecture - 3.0

     
    Posted 06-07-2019 03:52
    Hi,

    While there is a feature parity with respect to security features some of the platform specific features are not yet available in vSRX3.0.

    I would say this could be the reason it is not yet recommended.

    This KB is useful to understand: https://kb.juniper.net/InfoCenter/index?page=content&id=KB33572

    We have a few customers where vSRX3.0 has been tested extensively without any major issues reported.

    Regards,

    Vikas


    Juniper Internal


  • 4.  RE: vSRX new architecture - 3.0

    Posted 06-08-2019 02:41

    The "recommended" release process is run by the JTAC organization. The process is not public, but what I have heard is this takes a wholistic approach that includes factors like:

     

    minimum deploy base actually in use by customers (this insures a valid base of data for the analysis)

     

    experience of types, levels and severity of TAC tickets by the version once the higher version is running on enough customers with statistically normal levels of tickets it becomes recommended

     



  • 5.  RE: vSRX new architecture - 3.0

    Posted 06-22-2019 08:51

    if you have used Junos for some time I'm sure you already know that should never, ever, never, never run the "latest release" - in contrast to others like Windows and Mac the lastest releases of Junos should actally be called beta releases based on the number of bugs they generally will have. 



  • 6.  RE: vSRX new architecture - 3.0

    Posted 06-10-2020 09:03

    Hi All

    I must perform a new vSRX installation with version 20 to migrate a Cisco ASA and I have a doubt which of the two platforms I install, vSRX or vSRX 3.0.

    According to the new version, what are the advantages or disadvantages?. I want to install vSRX 3.0 but I still don't know what I can lose with this choice.

    TIA
    Cristian



  • 7.  RE: vSRX new architecture - 3.0

     
    Posted 06-10-2020 13:50

    Hi,

     

    - why 20?

    - the KB provided a year ago still is good advise and meanwhere there is parity afai can tell

    https://kb.juniper.net/InfoCenter/index?page=content&id=KB28776#srx_series has a recommended version for vSRX3.0 meanwhile

     

    Regards

     

    Ulf



  • 8.  RE: vSRX new architecture - 3.0

    Posted 06-10-2020 14:38

    Hi

    Version 20 because is the last released of vSRX. 

    In the URL only 18 versions. Why are there no versions 19 and 20 recommended?

    TIA
    Cristian

     



  • 9.  RE: vSRX new architecture - 3.0

     
    Posted 06-12-2020 06:31

    Hi,

     

    there is a difference between:

     

    - "I must perform a new vSRX installation with version 20"

    and

    - I want "Version 20 because is the last released of vSRX"

     

    Either you want latest and greatest, then you're free to pick whatever you want.

    Or you can follow the (conservative) advise and pick the recommended version.

     

    Regards

     

    Ulf